---
title: Dependency Security
description: Security measures taken to keep your dependencies secure.
---

next-forge has Dependabot configured in `.github/dependabot.yml` to check for updates every month. When package updates are available, Dependabot opens a pull request.
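
As an added illustration (not a copy of next-forge's own file), a `.github/dependabot.yml` with a monthly schedule can look like the following. The ecosystems, directories, pull request limit and group name are assumptions; adjust them to your repository.

```yaml
# .github/dependabot.yml (illustrative example, not next-forge's actual file)
version: 2
updates:
  # Assumption: JavaScript dependencies are resolved from the repository root.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "monthly" # the monthly cadence described above
    # Assumption: cap on simultaneously open update pull requests.
    open-pull-requests-limit: 10
    groups:
      # Hypothetical group name: batches minor and patch bumps into one
      # pull request so they can be reviewed together; major bumps stay separate.
      minor-and-patch:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"
  # Assumption: the repository uses GitHub Actions workflows whose pinned
  # action versions should be kept current as well.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
```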

You may want to consider a dependency analysis tool like Socket to check for issues with dependencies in pull requests. We also recommend enabling [GitHub Secret Scanning](https://docs.github.com/en/code-security/secret-scanning/introduction/about-secret-scanning) or a tool like [Gitleaks](https://github.com/gitleaks/gitleaks) or [Trufflehog](https://github.com/trufflesecurity/trufflehog) to check for secrets in your code.
